Cloud computing drives businesses today, at least at some level for each of them. The Certified Cloud Security Professional (CCSP) exam is growing at a rate that matches the CISSP's early growth. Understanding what it takes to secure the cloud today is essential for information security professionals.
If you already have your CISSP, this exam gets easier. I
Welcome to Domain 1! The first thing I highly recommend is that you download the Cloud Security Alliance's (CSA) Guidance 4.0 document. This exam is a joint venture between (ISC)2 and the CSA, so reading this document is very useful.
You do not need to read all of it right this moment; rather, work through it across this whole course. Start now by browsing the table of contents.
Governance, Risk Management & Compliance.
Service Models.
The cloud and its contracts.
Building the cloud.
Securing the cloud.
Control verification.
Threats to the Cloud.
Related technologies.
Forensics Introduction.
Introduction to Data Security.
Cloud Data Lifecycle.
Data Protection Policy.
Data Classification.
Data Science.
Data Governance.
Structured Data - DB & Data Warehouse.
Unstructured data - Big Data.
Data Storage.
Data Dispersion.
Application Programming Interface (API).
Introduction to Encryption.
Encrypting Data In Use.
Encrypting Data at Rest.
Encrypting Data in Transit: SSH.
Encrypting Data in Transit: TLS.
Encrypting Data in Transit: IPSec.
Symmetric Encryption.
Intro to Asymmetric Encryption.
Use of Public & Private Keys.
Hashing.
Key Storage Location.
Key Management.
PKI.
Key storage hardware.
Masking.
Tokenization.
Obfuscation.
Anonymization.
Maturity Models.
DRM & IRM.
Emerging Technologies.
Intro to Platform & Infrastructure.
Architecture.
Compute, Storage and Network.
Intro to Networking and Switches.
VLAN & Virtualized LAN.
IP and Routers.
Software Defined Network.
Content Defined Network.
Virtual Private Network.
DNS & DNSSec.
OS Hardening.
DRS & DO.
NSG and SAN.
Fibre Channel - Part 1.
Fibre Channel - Part 2.
Data Storage.
RAID & Erasure Coding.
Egregious 11 - 1-5.
Egregious 11 - 6-11.
Treacherous 12.
Risk Appetite.
Risk Tolerance.
Basic Risk Terms.
Quantitative Risk Assessment.
Qualitative Risk Assessment.
Risk Response.
Basic IAAA Introduction.
Authorization and RBAC.
Attribute based access control.
Single Sign-On.
SAML.
OAuth, OpenID, & WS-Federation.
CASB.
Firewalls.
IDS & IPS.
Micro-Segmentation.
Hyper-Segmentation.
Blast Radius.
Activity Monitor.
DLP.
Data Center Tiers.
Hot & Cold Air Aisles.
BCM Introduction.
Beginning of BCP/DRP planning.
BIA part 1 Risk Assessments.
BIA part 2 MTD to RTO.
BIA part 3 RTO to RPO.
BIA part 4 SDO and RSL.
Cloud Recovery Strategies.
Document and Test the plan.
Embed in the Community.
Introduction to the Legal Domain.
Basic Cloud Forensics.
Privacy laws and regulations.
Basic forensic rules.
GDPR.
Other Privacy Laws.
Privacy Management Framework and Maturity Models.
FedRAMP & CLOUD Act.
Introduction to PCI.
PCI Requirements 1-3.
PCI Requirements 4-6.
PCI Requirements 7-12.
ITAR & EAR.
Industrial Control Systems.
Audits and SOC reports.
Gap analysis and CSA STAR, CCM & CAIQ.
CSA Star and CCM.
Risk appetite and risk profile.
Risk Tolerance.
Basic Risk Terminology.
Quantitative Risk Assessment.
Qualitative Risk Assessment.
Risk Response.
Forensics Introduction.
Basic Cloud Forensics.
E-Discovery.
Introduction & What is Clean Code.
Software Development Life Cycle (SDLC).
Supply Chain Management.
Software Development Methodologies.
DevOps Practices.
Extra - My thoughts on numbers for the test.
CI/CD and DevSecOps.
Software Verification & Validation.
Software Testing.
Introduction to Operations.
Building Secure Data Center.
Manage Cloud Environment /DC.
Patch Management.
Firewalls & Network Security Groups.
IDS & IPS.
ITIL & ISO/IEC 20000.
ITIL Continuity, Incident and Problem management.
Security Operations Center (SOC).
Logging.
Packet Capture.
Data Center Tiers 1 & 2.
Data Center Tiers 3 & 4.
Honeypots.
Vulnerability Assessments & Pen Testing.
Penetration Testing Process.
Data & Media Sanitization.
Business Continuity Management.
BCM - Issues.
Business Continuity Plans - Policy.
Project Management & Initiation.
BIA - MTD to Disaster Declaration.
BIA - RTO to RPO.
BIA - SDO and RSL.
Disaster Recovery Strategies.
Document the Plan.
Implement, Test and Update.
Embed in the User Community.